[00:12.930 --> 00:18.050]  I'm going to refresh it again and see if it wakes up.
[00:25.240 --> 00:28.740]  Plavrdi, are you seeing this? Ah, there we go.
[00:30.780 --> 00:36.780]  Welcome, everybody! I want to thank everybody at DEF CON for coming to watch this Q&A session.
[00:36.940 --> 00:41.600]  I'm Fallible, we have Plavrdi as our Lagoon, and we are here with Yamila...
[00:41.600 --> 00:48.180]  Yamila Lavache, I believe. I totally did that wrong. She'll have to correct me here in a second.
[00:48.180 --> 00:50.280]  No, no, no. You pronounced it right.
[00:50.640 --> 00:56.000]  The talk is Bypassing Biometric Systems with 3D Printing.
[00:56.000 --> 00:58.660]  I'm super excited about this one.
[00:59.000 --> 01:07.440]  Any opportunity you have to talk about the details of how do you take biometric data
[01:07.440 --> 01:10.600]  and make it a physical thing that you can exploit
[01:11.600 --> 01:13.860]  because this is a really cool topic.
[01:14.240 --> 01:17.880]  I'm excited to see what more you have to say about it,
[01:17.880 --> 01:23.740]  and we're looking forward to questions coming in from the live Q&A audience.
[01:23.960 --> 01:31.300]  Before we get too far into this, this is, as I understand it, your first DEF CON talk.
[01:31.300 --> 01:32.680]  Is that correct?
[01:32.860 --> 01:37.160]  As you well know, there is a tradition here at DEF CON.
[01:37.160 --> 01:42.960]  For your very first DEF CON talk, we like to shoot the noob.
[01:42.960 --> 01:48.280]  So I would like you to acquire the beverage that you have prepared.
[01:48.280 --> 01:49.780]  Excellent.
[01:50.320 --> 01:52.540]  To tradition.
[01:52.800 --> 01:53.880]  Cheers.
[01:53.880 --> 01:55.080]  Cheers.
[01:57.900 --> 01:59.420]  Awesome.
[01:59.420 --> 02:00.560]  Wow.
[02:00.560 --> 02:03.400]  This is my beverage.
[02:03.420 --> 02:04.180]  Oh.
[02:04.400 --> 02:07.260]  Ginger liquor from Switzerland.
[02:08.520 --> 02:11.280]  My whiskey just got to me. Excuse me.
[02:12.680 --> 02:13.780]  Okay.
[02:13.780 --> 02:16.440]  Yeah, you can certainly refill that glass if you want to.
[02:16.440 --> 02:18.380]  Yeah, you're welcome to. This is your time.
[02:18.380 --> 02:24.480]  I also have Fernet because this is the beverage that we bring in Argentina.
[02:24.480 --> 02:28.040]  It's our beverage, our preferred beverage.
[02:28.040 --> 02:29.200]  With Coke.
[02:30.080 --> 02:32.800]  I also have Fernet here.
[02:32.800 --> 02:37.340]  That's your nice mixer. You get it in with the Coke and it's the national beverage.
[02:37.340 --> 02:38.960]  I like that.
[02:39.720 --> 02:40.960]  Well, excellent.
[02:41.400 --> 02:44.040]  Let's get you started with this...
[02:44.700 --> 02:49.300]  Well, you prompted me with a couple of questions, but I want to go a slightly different direction.
[02:49.680 --> 02:52.540]  Tell us what 3D printers you have.
[02:52.540 --> 03:00.040]  Because a 3D printer capable of doing the things at the resolution that you're working in is obviously interesting.
[03:00.140 --> 03:02.700]  So, you have a couple of them, right?
[03:03.040 --> 03:05.820]  Yes, I have two.
[03:05.820 --> 03:10.640]  The first one is an FDM, a filament 3D printer.
[03:10.640 --> 03:16.380]  It's a clone of the Prusa i3 MK2.
[03:16.380 --> 03:21.960]  I built myself, I assembled the 3D printer myself.
[03:22.180 --> 03:24.540]  I love it.
[03:25.480 --> 03:28.300]  Also, it was really interesting too.
[03:28.300 --> 03:34.750]  It took like a month, but in the end, it's great.
[03:35.120 --> 03:39.080]  And then, last year, I bought another one.
[03:39.080 --> 03:42.500]  A resin 3D printer, the Anycubic Photon.
[03:42.500 --> 03:53.740]  And this is the printer that I use for this research, because I needed the resolution of a resin 3D printer.
[03:53.740 --> 03:57.220]  I can't do the research with the other printer.
[03:57.400 --> 04:02.400]  And it sounds like it's doing the job, so that's useful for us to know.
[04:02.400 --> 04:05.240]  And you might have mentioned that in the talk.
[04:05.240 --> 04:08.400]  I'm sorry, I missed it when we came through, so thank you for that.
[04:08.400 --> 04:09.680]  I appreciate that.
[04:09.680 --> 04:14.240]  So, what got you into this area of research?
[04:16.620 --> 04:32.200]  Last year, I learned that some people broke the authentication mechanism of Galaxy S10 with just a silicone cover.
[04:32.400 --> 04:34.200]  That was interesting.
[04:34.200 --> 04:41.400]  And also, I think it was the Geek Pong cybersecurity competition.
[04:41.400 --> 04:50.560]  The research team from Tencent broke the authentication mechanism of three different phones.
[04:50.720 --> 04:57.700]  Taking a photo of a fingerprint, a latent fingerprint in glass.
[04:57.700 --> 05:05.920]  And then, 20 minutes later, they had a working fake fingerprint.
[05:05.920 --> 05:14.440]  So, I was thinking that they might have used some type of 3D printing for that.
[05:14.440 --> 05:26.660]  And that's one of the reasons that I wanted to try and see if I, in my home, with my home resin 3D printer, I can duplicate fingerprints.
[05:26.660 --> 05:35.180]  Also, the leakage of biometric data from companies.
[05:35.760 --> 05:39.160]  Say that part again. The leaked cache?
[05:39.380 --> 05:53.540]  Oh, no. The leak of biometric data from several biometric companies also was inspiration, we can say, for this research.
[05:53.540 --> 06:00.500]  Now, I don't think I've heard of a leak of biometric data from other companies. Can you talk a little bit more about that?
[06:01.480 --> 06:14.500]  Yes, it was last year that a leak from a biometric company and all the fingerprints and other data was leaked.
[06:14.500 --> 06:27.240]  And I was thinking about how, if an attacker can use this information to create fake fingerprints for a person.
[06:27.240 --> 06:38.220]  Because I can't change my fingerprints. And if my fingerprints are on a leak and a person can do a duplicate.
[06:38.660 --> 06:44.380]  So, that was one of the reasons for doing this research also.
[06:44.380 --> 07:01.100]  That's great. There was a question I really wanted to ask you. Is there evidence that there are people who are amassing these people's biometric data and then using that somehow?
[07:01.100 --> 07:12.860]  I think that the way I was going to put this out there was, what of the methods that you discussed in your talk are things that we can share?
[07:12.860 --> 07:19.040]  That I could digitize and create a database of other people's biometric data?
[07:19.760 --> 07:32.240]  Yes, I think this technique can be used. As you can see in the paper and in the video, it's not easy, all the process to duplicate the fingerprint.
[07:32.560 --> 07:40.860]  It takes time and experience, but I think that it can be done.
[07:40.860 --> 07:51.060]  And also with other equipment, because my research was a very low budget one. I only have my 3D printer.
[07:51.360 --> 08:01.440]  For example, I don't have a digital microscope to measure the reach height and something like this.
[08:01.440 --> 08:13.700]  But I think with more resources, it could be possible to do it in a bigger scale, not just one.
[08:14.860 --> 08:26.060]  So with that, what was your failure rate? How often did you have to reprint the fingerprints that you were creating?
[08:26.060 --> 08:33.740]  And each of your examples, I know that you had your, hey, it worked on this version, it didn't work on this version.
[08:33.740 --> 08:39.620]  But I didn't see where you were discussing how many times you had to try in order to get one that actually worked.
[08:39.620 --> 08:46.900]  Yes, I have here some of the failure. I don't know if you can see. A lot of failure.
[08:49.600 --> 08:55.480]  So I have here the molds and some of the fake fingerprints.
[08:56.600 --> 09:02.460]  The most important thing with the duplication of the fingerprint is the size.
[09:02.460 --> 09:16.820]  If you can configure the correct size and specifically the reach height, because we can't measure the reach height without a specific technology like the microscope.
[09:16.820 --> 09:18.520]  I don't have one.
[09:19.780 --> 09:37.920]  So for that reason, and also the configuration of the printer, according to the resin and this type, I print at the end, I print like 10 batches.
[09:38.400 --> 09:44.060]  And in each one, I print several fingerprints, not just one.
[09:44.060 --> 09:54.520]  And also I try with different, for example, I print this in a horizontal way and it works better in a vertical way.
[09:54.520 --> 10:05.960]  You can see here that it has the support because I needed to print in vertical. The resolution was better in vertical than in the horizontal.
[10:05.960 --> 10:12.320]  So that's information that you discover when you are testing and experimenting.
[10:13.300 --> 10:16.680]  I wouldn't think of it before.
[10:16.820 --> 10:18.420]  Absolutely.
[10:18.640 --> 10:24.980]  And also I don't have experience in criminalistic or nothing.
[10:24.980 --> 10:35.060]  It's just I wanted to try if a regular user with a 3D printer can duplicate fingerprints.
[10:35.060 --> 10:38.080]  That was the idea of the research.
[10:39.020 --> 10:42.160]  It's very fun to try all the other methods also.
[10:42.160 --> 10:45.500]  Not when I burn myself with hot glue.
[10:48.000 --> 10:54.080]  Yeah, I think that a lot of makers are going to be familiar with that particular one.
[10:54.400 --> 10:55.600]  Oh, yes.
[10:56.820 --> 11:04.900]  I learned about this experience and now I do it with a lot of care.
[11:04.900 --> 11:06.640]  Live and learn. I like that.
[11:06.640 --> 11:09.950]  So did you try these attacks on other devices?
[11:11.820 --> 11:19.060]  I tried only on the devices that are in the paper and in the talk.
[11:19.060 --> 11:24.940]  But also the people from Cisco, from Talos, they made very similar research.
[11:24.940 --> 11:31.060]  I was talking from one to one of them with Paul and he used the same printer.
[11:31.060 --> 11:35.960]  And he tested in different, totally different devices.
[11:35.960 --> 11:42.760]  Like computers and padlocks and I think other phones.
[11:42.760 --> 11:47.160]  So also you can make data results.
[11:47.160 --> 11:54.440]  Because it's similar but they use the same printer and other software, different software.
[11:54.440 --> 11:57.220]  And they test on other devices.
[11:57.220 --> 12:01.400]  So I think it can be used to see.
[12:01.400 --> 12:05.080]  But they succeed in most of the devices.
[12:05.080 --> 12:07.880]  So it's an attack that is feasible.
[12:08.060 --> 12:09.320]  Excellent, that makes sense.
[12:09.320 --> 12:16.520]  And it's something that you can, if a person wanted to, this could be expanded into a pile of other devices.
[12:16.660 --> 12:24.720]  So beyond just other devices, what other types of biometric attacks would you be interested in researching in the future?
[12:26.580 --> 12:30.960]  I am very interested in facial recognition.
[12:31.180 --> 12:34.940]  In two different aspects of facial recognition.
[12:34.940 --> 12:38.260]  The first one is avoid facial recognition.
[12:38.260 --> 12:41.780]  I think it's an interesting topic.
[12:41.780 --> 12:46.660]  And the other one is using fake biometric trace.
[12:46.660 --> 12:51.200]  For example, a mask or a 3D printed head.
[12:51.320 --> 12:54.360]  I am working on that.
[12:54.360 --> 12:59.980]  And I am testing this type of attacks in facial recognition systems.
[12:59.980 --> 13:04.960]  I don't have conclusive results yet, but I am trying.
[13:04.960 --> 13:09.840]  And I'm having a lot of fun because I love doing this type of research.
[13:09.840 --> 13:11.540]  That's fantastic.
[13:11.740 --> 13:13.960]  That's the right way to take that.
[13:14.560 --> 13:18.860]  Let's check, do we have any good questions coming in?
[13:20.200 --> 13:23.060]  Not seeing too many questions coming in.
[13:23.060 --> 13:28.340]  A lot of people are talking about some of the data dumps that have been coming through.
[13:28.840 --> 13:33.420]  Many thousands of fingerprints getting released.
[13:34.100 --> 13:38.800]  That could be a problem with government and federal contractors.
[13:39.320 --> 13:42.680]  Fingerprints getting released to the public as well.
[13:42.680 --> 13:47.340]  Which is a really interesting thing to direct the conversation towards.
[13:47.340 --> 13:50.680]  As more and more people are...
[13:52.120 --> 13:54.900]  As more of this data is out there and available.
[13:55.420 --> 14:01.460]  The type of research you are doing is probably more important for some of these companies.
[14:01.460 --> 14:05.300]  It's that old statement, I think you even said it in your talk.
[14:05.300 --> 14:09.700]  That once your biometric data is out there in the world.
[14:09.700 --> 14:13.500]  You only have 10 fingers.
[14:13.620 --> 14:14.620]  You can't reset it.
[14:14.620 --> 14:16.660]  You can't reset those.
[14:17.000 --> 14:23.960]  I think that my ocular scan is owned by Microsoft somewhere.
[14:24.480 --> 14:31.100]  There is only a limited number of options that you have.
[14:31.820 --> 14:41.940]  You are definitely going in the direction of the physical manifestation of these rebuilding things physically.
[14:43.200 --> 14:45.100]  What would be...
[14:46.740 --> 14:53.300]  You already mentioned that having a good microscope would help you approach the next...
[14:53.820 --> 14:56.120]  Whatever the next milestone is on this.
[14:56.120 --> 15:00.360]  If you can't really measure the ridge height, then you are having a difficult time.
[15:01.300 --> 15:03.980]  Determining which ones are going to work or not.
[15:04.300 --> 15:09.340]  What other pieces of technology do you think you'd want in order to move your research further?
[15:11.220 --> 15:16.540]  I think for the resolution of the printing.
[15:16.540 --> 15:21.780]  I think with my 3D printer it's okay.
[15:22.340 --> 15:26.980]  Perhaps with a better 3D printer.
[15:26.980 --> 15:33.880]  We will succeed in less tries.
[15:33.880 --> 15:37.720]  But also the microscope will be good.
[15:37.720 --> 15:41.440]  Because the worst problem was the ridge height.
[15:41.440 --> 15:43.060]  I needed to try.
[15:43.060 --> 15:47.000]  I know the normal human ridge height.
[15:47.000 --> 15:54.840]  But I need to try a lot to find out the exact one to duplicate the fingerprint.
[15:54.840 --> 15:58.540]  So that was a lot of tries.
[15:58.640 --> 16:00.120]  That makes sense.
[16:00.300 --> 16:02.380]  We did have one question come in.
[16:03.520 --> 16:09.340]  Lefebunachi wants to know, do you think you'll be back next year to discuss facial recognition?
[16:09.460 --> 16:17.080]  And what might help you to be able to do enough research to be able to present on that next year?
[16:18.300 --> 16:19.040]  No.
[16:21.080 --> 16:22.280]  Yes, I don't know.
[16:22.280 --> 16:23.900]  I am trying.
[16:23.900 --> 16:29.700]  Now we are working with the masks and the 3D printed head.
[16:30.000 --> 16:31.680]  We need a scanner.
[16:31.680 --> 16:33.540]  It's another technology.
[16:33.540 --> 16:37.340]  So we are trying to achieve that.
[16:37.340 --> 16:39.680]  But I think it could be possible.
[16:39.680 --> 16:42.400]  With this research or with others.
[16:42.940 --> 16:48.600]  It was always my dream to contribute with DEF CON in some sort of way.
[16:48.600 --> 16:52.500]  And I'm very happy to present a talk this year.
[16:53.860 --> 16:57.500]  Well, you definitely hit the ground running with this one.
[16:57.680 --> 17:00.880]  I really like your research and the way you put this together.
[17:01.600 --> 17:06.780]  I love that Palavrity just came up with this idea to share with me.
[17:07.140 --> 17:18.480]  And I think you actually talked about this a bit in your talk of creating fake fingerprints for yourself so you could be somebody else to an effect.
[17:18.600 --> 17:24.800]  Would you talk a little bit about the TSA agents in some other country?
[17:24.800 --> 17:32.780]  Was it Argentinian TSA agents or somebody that got fired for using fake fingers?
[17:33.600 --> 17:34.200]  Yes.
[17:34.200 --> 17:42.640]  Here in Argentina, the local airline fired, I think it was six people.
[17:42.640 --> 17:45.180]  Because they were using silicone.
[17:45.180 --> 17:48.940]  I am going to show... I have now the silicone.
[17:49.240 --> 17:54.700]  This is just a silicone fingerprint.
[17:54.700 --> 18:02.320]  But they use a silicone finger to impersonate the different users.
[18:02.320 --> 18:09.880]  To try to... I don't know how to say the word.
[18:09.880 --> 18:16.580]  But they try to falsify their entry to work.
[18:17.120 --> 18:20.340]  The different people.
[18:20.340 --> 18:22.320]  So, only one of them...
[18:23.400 --> 18:25.560]  If show time is six o'clock.
[18:25.560 --> 18:27.300]  Show to people.
[18:27.300 --> 18:29.320]  Show to the work, sorry.
[18:29.320 --> 18:33.600]  And with the other five people, silicone fingers.
[18:33.940 --> 18:34.820]  Wow.
[18:35.940 --> 18:37.380]  That's fascinating.
[18:37.460 --> 18:43.500]  Because you always heard of times when one person would go into work and just pull the punch cards for everybody and put those in.
[18:43.500 --> 18:46.380]  So they thought they solved it by forcing the fingerprint.
[18:46.380 --> 18:51.460]  And it sounds as though they were like, yeah, we'll just do silicone reprints of everyone's fingerprints.
[18:51.780 --> 18:52.460]  Sign them in.
[18:52.460 --> 19:00.580]  Another interesting side of this story is when I was showing this research to friends and people,
[19:00.720 --> 19:05.560]  a lot of them asked me to reproduce their finger for this type of...
[19:05.560 --> 19:07.400]  Of course, I don't.
[19:07.400 --> 19:09.220]  Of course, I don't.
[19:09.220 --> 19:20.280]  But a lot of people asked me, especially in optical sensors, asked me for a silicone copy of their...
[19:20.280 --> 19:24.420]  But no, don't DM me asking for that.
[19:24.420 --> 19:26.840]  Well, I mean, that is the next question, right?
[19:26.840 --> 19:32.340]  If you've done a bunch of these different systems, are you talking about an optical fingerprint scanner?
[19:32.340 --> 19:34.820]  Or are you talking about the retina scanner?
[19:34.980 --> 19:39.900]  Because I would really like to know how you would attack something like a retina scanner.
[19:40.860 --> 19:47.400]  Yes, we are not attacking iris yet.
[19:47.400 --> 19:48.020]  Not yet.
[19:48.020 --> 19:53.000]  And also the finger vein.
[19:53.000 --> 20:04.510]  I was trying to get one of these.
[20:05.540 --> 20:11.300]  I'm talking to the vendor, but not yet.
[20:11.300 --> 20:12.640]  You haven't managed it yet.
[20:12.640 --> 20:18.240]  Well, maybe someone who has some access to that is listening now and will go,
[20:18.240 --> 20:20.520]  Oh, well, we need to make sure you get that.
[20:20.520 --> 20:27.580]  So hopefully that's something that will come of your DEF CON talk time.
[20:29.080 --> 20:37.300]  So, let's see, people are doing more commentary in the chat channel about some of the relative comfort
[20:37.300 --> 20:42.620]  or how often some of these different biometric systems are in use out in the world.
[20:42.640 --> 20:44.980]  That's kind of interesting.
[20:45.520 --> 20:49.240]  So, let's see, you have your collection over here.
[20:49.240 --> 20:51.220]  You have your silicone fingers.
[20:51.220 --> 20:55.140]  Yes, I can show some of these.
[20:55.140 --> 21:01.800]  I have here the alginate molds.
[21:01.800 --> 21:06.740]  It's like the same alginate that they use for dental molds.
[21:07.740 --> 21:20.440]  Also, I have to buy the alginate in a dental office, so it was complicated.
[21:20.440 --> 21:28.900]  Also, the fingerprint powder, I have problems to get that.
[21:29.580 --> 21:33.980]  You probably have to answer some really interesting questions, I'm assuming.
[21:33.980 --> 21:35.220]  Yes.
[21:35.860 --> 21:44.540]  Also, I have here, the best molds are the hot glue molds, because they are really, really detailed.
[21:44.540 --> 21:50.820]  Also, the alginate molds are very good, but the hot glue molds are better.
[21:50.820 --> 22:01.280]  And for the fake fingerprints, material that worked better for us was latex.
[22:01.280 --> 22:06.300]  I use liquid latex, you can see here, it's really thin, really, really thin.
[22:07.580 --> 22:10.120]  But you can use a school glue also.
[22:10.120 --> 22:16.280]  I use liquid latex, the same one that they use for special effects.
[22:16.640 --> 22:22.380]  I think it will be better, but I think with the school glue, it's enough.
[22:23.500 --> 22:32.740]  Silicone works great in the optical scanners, but not in capacitive, because silicone is insulating, so no.
[22:33.160 --> 22:38.580]  For the capacitive scanners, we need to use latex.
[22:38.580 --> 22:47.160]  And with your real finger behind, the conductivity is enough to fool the scanner.
[22:47.160 --> 22:48.820]  Interesting.
[22:48.820 --> 22:53.900]  Yes, that part is really interesting.
[22:58.470 --> 23:04.660]  Ah, wood glue. I also use wood glue, it's very thin also.
[23:04.660 --> 23:05.680]  Which kind of glue?
[23:05.680 --> 23:07.440]  Wood glue.
[23:07.440 --> 23:20.840]  Wood glue works great, but you can use it one or two times and then it gets rigid and it won't work anymore.
[23:20.840 --> 23:27.580]  But latex, you can use it several times for a lot of time. And silicone also.
[23:27.580 --> 23:40.200]  Okay, so it looks like a lot of what you've just gone over are things that you need the assistance of the person who has the fingerprint in order to build this. Is that correct?
[23:40.200 --> 23:48.900]  How many of these methods can you, if you lift a fingerprint off of a glass or a picture like you were mentioning earlier?
[23:50.620 --> 23:58.960]  Yes, the 3D printing part was only on a non-cooperative way.
[23:58.960 --> 24:13.620]  We obtained the fingerprints in glass or an inked fingerprint, one that you can obtain in the police, that type of inked fingerprint.
[24:13.620 --> 24:19.700]  So we used that to create the 3D printed mold.
[24:20.440 --> 24:25.080]  We created a mold, a negative and a positive.
[24:25.360 --> 24:32.980]  The positive, because the resin is hard, you can see here that I can't bend it.
[24:34.020 --> 24:46.120]  So the positive worked only on one of the optical scanners and in the ultrasonic, but it was not good.
[24:46.120 --> 24:53.440]  But the mold was great and we cast the 3D printed mold with liquid latex.
[24:53.440 --> 25:04.660]  This work on all the type of sensors that we try in the capacitive, in the optical and also in the ultrasonic.
[25:05.440 --> 25:07.340]  Got it, all of them.
[25:07.600 --> 25:13.420]  How many different manufacturers are there of these different fingerprint scanners?
[25:13.420 --> 25:16.720]  And how many of them have you had an opportunity to test on?
[25:18.060 --> 25:23.960]  I tested only four, but I think there are a lot.
[25:25.860 --> 25:33.500]  Where do you intend to take this portion of your experimentation as you go forward?
[25:33.500 --> 25:41.660]  I know I asked a little bit of this question before, but we've already covered there's a few gaps that would be interesting to fill.
[25:41.660 --> 25:44.500]  What is next? Where do you go?
[25:48.380 --> 25:49.380]  I've lost you.
[25:49.380 --> 26:08.800]  Another attack vector that I didn't try is obtaining a fingerprint from, for example, a liquid biometric database and from the sensor, directly from the sensor.
[26:08.800 --> 26:16.910]  I think that in this way, perhaps we don't need to enhance the fingerprint.
[26:17.700 --> 26:29.140]  And we can't, because for all of that, we need an enhancement process because the obtained fingerprints were not directly actionable.
[26:29.140 --> 26:34.140]  We need to enhance it in order to do the mold.
[26:34.140 --> 26:42.060]  But in that case, I think it could be possible to make a mold without the enhancement process.
[26:42.060 --> 26:44.780]  So I would like to try that.
[26:45.620 --> 26:46.200]  That's good.
[26:46.280 --> 26:47.940]  Yeah, I like that.
[26:48.100 --> 26:52.120]  Well, we are rapidly approaching the end of our allotted time.
[26:52.760 --> 26:58.020]  Plarity, did you see any extra questions in the chat that we should hit?
[26:58.960 --> 27:01.940]  Yeah, I think there's probably two that have come in.
[27:01.940 --> 27:08.820]  One from the ironically named Dexterous said that I've seen biometric hand scanners.
[27:08.820 --> 27:14.540]  Not sure how they work, but I've noticed that when a person loses a lot of weight, they have to get the handprint redone.
[27:14.540 --> 27:16.400]  Does that happen with fingerprints?
[27:16.520 --> 27:21.020]  And if it does, could you just resize a copy of the fingerprint to work correctly?
[27:23.340 --> 27:32.860]  I didn't understand. I understand that it's a hand, like all the fingerprints are scanned at the same time?
[27:33.060 --> 27:39.080]  Yes, they're saying if they do the whole hand and then somebody loses a lot of weight, they have to redo it.
[27:39.080 --> 27:42.500]  And do you think it would be the same thing with just a finger?
[27:43.300 --> 27:56.740]  It could be because the reach height, sorry, the reach width varies with the health.
[27:56.740 --> 28:04.860]  And I can see complexity of the people and it could be the same.
[28:04.860 --> 28:09.860]  It's interesting to try. I will love to try that.
[28:09.860 --> 28:14.920]  And have you also looked at how fingerprint data is stored in the devices?
[28:14.920 --> 28:22.900]  Is it just stored with numbers or actually, how do devices store fingerprint data?
[28:22.920 --> 28:28.840]  The devices that I analyze, they are images.
[28:29.380 --> 28:33.080]  A biometric database with images.
[28:33.080 --> 28:35.480]  So that's what's the interesting part.
[28:35.480 --> 28:42.600]  I want to try if you can obtain in some way the database.
[28:42.780 --> 28:50.640]  I would like to try and see if you can reproduce the fingerprint from that data.
[28:50.880 --> 28:53.140]  I think it's interesting too.
[28:53.380 --> 28:55.940]  That sounds like a wonderful place to aim next.
[28:55.940 --> 29:04.140]  So we are right at the end. I really appreciate your willingness to come and give the presentation and spend some extra time with us in this Q&A.
[29:04.140 --> 29:20.140]  If you are willing to do so, we like to have presenters drop into the track one at the end and give contact information, Twitter or websites or anything if somebody wants to reach out and address you afterwards.
[29:20.560 --> 29:29.800]  And then I would really like to ask you one final question of what would be the big takeaway that you would like us to have to grab from your talk?
[29:30.040 --> 29:32.540]  What's the big punchline here?
[29:33.060 --> 29:51.140]  I think the big takeaway is geometric systems in a special fingerprint are not secure enough for using it as an authentication method.
[29:51.140 --> 30:09.060]  I know that for regular people, perhaps it's not a problem, but with different treat models, other people, more exposed people, it's just not a good way to authenticate to the devices.
[30:09.060 --> 30:22.080]  Because if a printer in my home can duplicate the fingerprints with more resources, then it could...
[30:23.080 --> 30:37.580]  It's not secure enough for depending upon your threat model. Okay, excellent. Well, thank you so much. If anyone has any additional questions, they are welcome to reach out and there will be some contact information hitting track one soon.
[30:37.580 --> 30:44.420]  Otherwise, have a great rest of your convention. I wish you the best and hope to see more from you later.
[30:46.240 --> 30:47.360]  Thank you.
